Vulnerability Details CVE-2007-4880
Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.889
EPSS Ranking 99.5%
CVSS Severity
CVSS v2 Score 10.0
References
- http://osvdb.org/38161
- http://secunia.com/advisories/26883
- http://securityreason.com/securityalert/3184
- http://www-1.ibm.com/support/docview.wss?uid=swg21268775
- http://www-1.ibm.com/support/search.wss?rs=0&q=IC52905&apar=only
- http://www.securityfocus.com/archive/1/480492
- http://www.securityfocus.com/bid/25743
- http://www.securitytracker.com/id?1018725
- http://www.vupen.com/english/advisories/2007/3228
- http://www.zerodayinitiative.com/advisories/ZDI-07-054.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36700
- http://osvdb.org/38161
- http://secunia.com/advisories/26883
- http://securityreason.com/securityalert/3184
- http://www-1.ibm.com/support/docview.wss?uid=swg21268775
- http://www-1.ibm.com/support/search.wss?rs=0&q=IC52905&apar=only
- http://www.securityfocus.com/archive/1/480492
- http://www.securityfocus.com/bid/25743
- http://www.securitytracker.com/id?1018725
- http://www.vupen.com/english/advisories/2007/3228
- http://www.zerodayinitiative.com/advisories/ZDI-07-054.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36700
Products affected by CVE-2007-4880
-
cpe:2.3:a:ibm:tivoli_storage_manager_client:5.1
-
cpe:2.3:a:ibm:tivoli_storage_manager_client:5.1.8.0
-
cpe:2.3:a:ibm:tivoli_storage_manager_client:5.2
-
cpe:2.3:a:ibm:tivoli_storage_manager_client:5.2.5.1
-
cpe:2.3:a:ibm:tivoli_storage_manager_client:5.3
-
cpe:2.3:a:ibm:tivoli_storage_manager_client:5.3.5.2
-
cpe:2.3:a:ibm:tivoli_storage_manager_client:5.4
-
cpe:2.3:a:ibm:tivoli_storage_manager_client:5.4.1.1